Helm Chart

Security: To verify the container’s authenticity and inspect its SBOM, see the Attestation & Verification Guide.

Installing the Helm Chart

The Subnoto MCP Server is available as a Helm chart published to an OCI registry. This makes it easy to deploy to any Kubernetes cluster.

Installation

Install the chart directly from the OCI registry:

helm install mcp-server oci://registry-1.docker.io/subnoto/mcp-server --version 0.1.4

Available Versions

View available versions on Docker Hub or use the Docker Hub API:

curl -s https://registry.hub.docker.com/v2/repositories/subnoto/mcp-server/tags/ | jq -r '.results[].name'

Configuration

Configuration Parameters

Parameter	Description	Default
`replicaCount`	Number of replicas	`1`
`image.repository`	Container image repository	`subnoto/mcp-server`
`image.tag`	Container image tag	Chart version
`image.pullPolicy`	Image pull policy	`IfNotPresent`
`env.API_BASE_URL`	Subnoto API base URL	`https://enclave.subnoto.com`
`env.API_ACCESS_KEY`	Subnoto API access key	Required
`env.API_SECRET_KEY`	Subnoto API secret key	Required
`env.DISABLE_ATTESTATION`	Disable attestation verification	`false`
`env.ATTESTATION_PUBLIC_KEYS`	Base64-encoded attestation public keys	`""`
`env.MCP_TRANSPORT`	Transport mode (stdio/http)	`http`
`service.type`	Kubernetes service type	`ClusterIP`
`service.port`	Service port	`8080`
`ingress.enabled`	Enable ingress	`false`
`resources.requests.memory`	Memory request	`256Mi`
`resources.requests.cpu`	CPU request	`100m`
`resources.limits.memory`	Memory limit	`512Mi`
`resources.limits.cpu`	CPU limit	`500m`

Ingress Configuration

To expose the MCP server externally:

ingress:
    enabled: true
    className: nginx
    annotations:
        cert-manager.io/cluster-issuer: "letsencrypt-prod"
    hosts:
        - host: mcp.example.com
          paths:
              - path: /
                pathType: Prefix
    tls:
        enabled: true
        secretName: mcp-server-tls